October 3, 2010- Episode 177

Episode 177:

This week’s regular episode of The Cyberjungle is 1 hour and 16 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

Interview

Dr. Eric Cole is an instructor at the SANS Institute and a CTO with McAfee. He discusses data security based upon actions, rather than just signatures of attacks. Dr. Cole’s interview begins about 25 minutes into Episode 177.

Tales from the Dark Web

Restaurant Security Fails – $200,000 in fraudulent credit card charges were made after a restaurant purchased a new PCI-compliant point of sale system but failed to take the other steps needed to secure the information. Many businesses are failing to secure their point of sale systems and other parts of their business. They run out-of-date software and insecure systems. Most small businesses still don’t think they are a target for cyber criminals.

Our Take on This Week’s News

Obama Administration seeks wiretap access through backdoors to all online communication channels. The effort would include a requirement for access to encrypted communications. The EFF points out this battle has already been won once.

Rat on your neighbor, part II – Meanwhile, Department of Homeland Security launches a suspicious activity report database.

Poor Tyler Clementi, the Rutgers student whose gay tryst was available to his roommate’s chat partners via webcam, has not yet been laid to rest, and a state lawmaker is seizing upon his suicide to get attention for herself. Thumbs way down to these vultures who climb upon the bones of dead teenagers to get publicity or to shill for legislation that would otherwise go nowhere. This is all too common.

Another episode of Databreach Theater – Courthouse News reports on a databreach case originating in a Kansas prison. The Sixth Circuit Court apparently concluded that an act can be simultaneously “inadvertent” and “willful.”

Zeus arrests – Bank Account Takeover Attack gang members arrested in three countries. The Zeus attacks nonetheless continue, with one of many variants now targeting mobile banking users.

Judge acquits speeding motorcyclist who used a helmet cam to record traffic antics and a traffic stop by an armed plain-clothes cop.

Stuxnet Update – The Saga Continues: Could this attack ‘inspire’ similar attacks? Was the attack targeting India rather than Iran? China has also had a taste of Stuxnet.

Bug Bounty – Should major cloud services/sites set up a bounty system for web app bugs?

CyberJungle FAQ:

Skip the Adobe PDF mess and download Foxit Software’s PDF reader.

For an easy, much more secure tool for online banking, use Webconverger.
